Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/eTvTNvGijATumtgKDvt8LQZZUsE.roa
File:                     eTvTNvGijATumtgKDvt8LQZZUsE.roa (raw, json)
Hash identifier:          Az4OLcunN029KTFPR0B23PWUAOXVXdWLGjkBgBimcDc=
Subject key identifier:   79:3B:D3:36:F1:A2:8C:04:EE:9A:D8:0A:0E:FB:7C:2D:06:59:52:C1
Certificate issuer:       /CN=1efa596a3126ace029c6d70d529257e07b38ba06
Certificate serial:       01902B6800F4F142E965591E8302536906D1
Authority key identifier: 1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/eTvTNvGijATumtgKDvt8LQZZUsE.roa
Signing time:             Tue 18 Jun 2024 12:52:34 +0000
ROA not before:           Tue 18 Jun 2024 12:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        128.139.4.0/24 maxlen: 24
                          128.139.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2b:68:00:f4:f1:42:e9:65:59:1e:83:02:53:69:06:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1efa596a3126ace029c6d70d529257e07b38ba06
        Validity
            Not Before: Jun 18 12:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=793bd336f1a28c04ee9ad80a0efb7c2d065952c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:24:d2:20:4b:79:ca:c2:54:98:b2:a7:07:bb:
                    e4:88:d3:ed:a7:46:f1:08:2c:79:c8:81:af:4a:ae:
                    13:1a:5e:41:3f:b9:12:b7:e5:37:83:00:61:b1:a4:
                    ca:3e:c7:d5:6d:f7:58:8b:28:6f:fd:cf:6c:ba:7e:
                    29:75:39:f8:43:8b:1f:55:1e:20:57:be:03:60:0f:
                    93:d2:26:77:34:63:54:0b:53:a3:d3:08:ba:74:e0:
                    7e:ea:a9:99:30:0c:1f:37:ff:3f:e3:31:3f:c6:68:
                    e4:fc:28:52:b2:a0:a7:24:09:fc:7a:ec:70:01:46:
                    f1:25:88:ca:11:9f:9a:51:fe:e5:0e:c1:d5:82:0d:
                    6c:40:db:ad:cb:2c:d6:e5:1d:c9:0a:0e:85:c3:7b:
                    d2:2d:40:a4:a1:a8:c2:36:57:ea:5f:fa:26:47:06:
                    0c:55:c6:2b:82:b3:bd:83:80:c7:9b:4b:7f:f2:14:
                    14:76:08:f8:86:0d:36:e4:87:80:94:e4:02:2a:1c:
                    66:62:cd:eb:a8:6d:cc:45:4d:27:5b:fa:1f:17:18:
                    2e:bc:c7:ce:82:ed:3e:4e:7d:fd:6b:0a:8d:60:46:
                    3b:62:8a:d4:74:d0:8a:c3:5e:9b:aa:2a:71:73:20:
                    00:e7:ce:f4:32:4e:bc:43:96:31:05:96:b1:12:d5:
                    80:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:3B:D3:36:F1:A2:8C:04:EE:9A:D8:0A:0E:FB:7C:2D:06:59:52:C1
            X509v3 Authority Key Identifier:
                keyid:1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/eTvTNvGijATumtgKDvt8LQZZUsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.139.4.0/24
                  128.139.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:60:f6:ea:81:c7:81:e9:20:98:ad:b3:3f:82:26:ab:39:b4:
         c2:3a:39:20:41:f9:01:84:92:93:c0:31:ba:31:b7:1d:17:6e:
         e2:8e:78:98:35:e6:da:66:31:4b:f8:b9:c4:43:76:4b:20:68:
         e5:4f:3e:95:c9:1c:84:43:3d:1a:c9:01:d6:3f:2a:db:29:50:
         39:9d:a7:b2:bd:93:19:39:03:09:9f:be:2a:3f:75:ec:f5:8f:
         03:f0:bf:46:57:70:bb:b5:9d:f8:ab:9f:0a:36:71:8d:d4:cd:
         5e:e8:20:14:43:c3:62:91:be:61:28:c1:a0:23:22:13:14:fe:
         96:76:35:79:22:b9:dd:af:fe:9a:a6:75:0b:d5:dc:be:d5:14:
         b1:58:43:3c:d4:07:54:6b:92:13:c6:81:1f:28:f8:98:26:26:
         e3:5c:53:e6:a2:07:77:b4:33:d4:7e:5c:45:9c:0f:66:88:02:
         ef:bf:ad:d2:5f:4b:bc:22:81:da:4d:5c:cc:e3:39:28:59:26:
         d1:00:26:65:92:ce:a5:f0:f9:fa:26:04:6e:38:23:d8:7a:0b:
         36:ed:c9:7b:3b:7c:08:e5:f0:dd:a7:e8:31:33:1f:03:10:8a:
         d2:2d:d4:8b:91:39:4e:32:ff:93:ad:fd:1b:4b:57:fb:f8:6d:
         b3:e2:a6:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAraAD08ULpZVkegwJTaQbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmE1OTZhMzEyNmFjZTAyOWM2ZDcwZDUyOTI1N2UwN2Iz
OGJhMDYwHhcNMjQwNjE4MTI1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTNiZDMzNmYxYTI4YzA0ZWU5YWQ4MGEwZWZiN2MyZDA2NTk1MmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiTSIEt5ysJUmLKnB7vkiNPtp0bx
CCx5yIGvSq4TGl5BP7kSt+U3gwBhsaTKPsfVbfdYiyhv/c9sun4pdTn4Q4sfVR4g
V74DYA+T0iZ3NGNUC1Oj0wi6dOB+6qmZMAwfN/8/4zE/xmjk/ChSsqCnJAn8euxw
AUbxJYjKEZ+aUf7lDsHVgg1sQNutyyzW5R3JCg6Fw3vSLUCkoajCNlfqX/omRwYM
VcYrgrO9g4DHm0t/8hQUdgj4hg025IeAlOQCKhxmYs3rqG3MRU0nW/ofFxguvMfO
gu0+Tn39awqNYEY7YorUdNCKw16bqipxcyAA5870Mk68Q5YxBZaxEtWA/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHk70zbxoowE7prYCg77fC0GWVLBMB8GA1UdIwQY
MBaAFB76WWoxJqzgKcbXDVKSV+B7OLoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODIt
OWQwYzYyMDczNWYxLzEvZVR2VE52R2lqQVR1bXRnS0R2dDhMUVpaVXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODItOWQwYzYyMDczNWYx
LzEvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAgIsEAwQA
gIsGMA0GCSqGSIb3DQEBCwUAA4IBAQCVYPbqgceB6SCYrbM/giarObTCOjkgQfkB
hJKTwDG6MbcdF27ijniYNebaZjFL+LnEQ3ZLIGjlTz6VyRyEQz0ayQHWPyrbKVA5
naeyvZMZOQMJn74qP3Xs9Y8D8L9GV3C7tZ34q58KNnGN1M1e6CAUQ8Nikb5hKMGg
IyITFP6WdjV5Irndr/6apnUL1dy+1RSxWEM81AdUa5ITxoEfKPiYJibjXFPmogd3
tDPUflxFnA9miALvv63SX0u8IoHaTVzM4zkoWSbRACZlks6l8Pn6JgRuOCPYegs2
7cl7O3wI5fDdp+gxMx8DEIrSLdSLkTlOMv+Trf0bS1f7+G2z4qb4
-----END CERTIFICATE-----